
Access token

To use the Identity SDK, you first need an access token. This page explains how to create your keys, how to generate the Identity access token, and the recommended ways to do so.

Getting your keys

  2. If you do not have a token, generate one.
  3. Retrieve the clientId and clientSecret from one of the generated tokens.

Do not store these fields directly in your mobile/web application. These values should not leave your backend.

You can repeat this procedure to generate access for different combinations of functions and SDKs.

Generating your token

The following steps describe how you can generate a token that is valid only for a specific user. This is the recommended way to generate and distribute tokens because it limits a possible attack to a single user account.

  1. At some point in your application flow, create a JWT with the structure of the example below;
     • Remember to replace the {clientId}, {personId} and {expiresAt} fields.
     • All of these fields are strongly recommended, but you can see which ones are required at the bottom of this page.
  2. Sign the token with your clientSecret;
  3. Send this token to your application.

Example:

Header:
{
  "alg": "HS256",
  "typ": "JWT"
}

Payload:
{
  "iss": "{clientId}", // string
  "exp": {expiresAt}, // number
  "personId": "{personId}" // string
}
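
The three steps above, written for a Python backend using only the standard library (an added example, not code from the original page or the SDK): it builds the header and payload shown above, signs them with HS256 using the clientSecret, and checks the result before it is handed to the application. The function names, the environment variable names, the 300-second lifetime and the sample personId are assumptions.

```python
import base64
import hashlib
import hmac
import json
import os
import time


def _b64url(data: bytes) -> str:
    # JWT segments are URL-safe base64 without padding.
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(secret: str, signing_input: str) -> bytes:
    return hmac.new(secret.encode(), signing_input.encode("ascii"), hashlib.sha256).digest()


def issue_user_token(client_id, client_secret, person_id, ttl_seconds=300, now=None):
    """Backend side: sign the page's payload; the ttl_seconds default is an assumption."""
    issued = int(time.time() if now is None else now)
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"iss": client_id, "exp": issued + ttl_seconds, "personId": person_id}
    parts = [_b64url(json.dumps(p, separators=(",", ":")).encode()) for p in (header, payload)]
    signing_input = ".".join(parts)
    return signing_input + "." + _b64url(_sign(client_secret, signing_input))


def verify_user_token(token, client_secret, now=None):
    """Self-check before distribution: signature, pinned alg, expiry."""
    head, body, sig = token.split(".")  # ValueError if not exactly three segments
    if not hmac.compare_digest(_sign(client_secret, f"{head}.{body}"), _unb64url(sig)):
        raise ValueError("bad signature")
    if json.loads(_unb64url(head)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    claims = json.loads(_unb64url(body))
    current = int(time.time() if now is None else now)
    if "exp" in claims and claims["exp"] <= current:
        raise ValueError("expired")
    return claims


if __name__ == "__main__":
    # Constructed env var names and personId; the secret stays on the backend.
    token = issue_user_token(os.environ["IDENTITY_CLIENT_ID"],
                             os.environ["IDENTITY_CLIENT_SECRET"], "00000000000")
    print(token)
```

Only the printed token is sent to the mobile/web application; the clientSecret is read from the backend's environment and never leaves it.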

  1. Go to jwt.io;
  2. Keep the Header field unchanged;
  3. Edit the payload; only the iss field is required;
  4. Replace your-256-bit-secret with your clientSecret;
  5. Click Share JWT to copy the generated token to the clipboard;
  6. Use this token to authenticate the SDK.

JWT payload parameters

| Parameter | Required | Description |
|-----------|----------|-------------|
| iss       | Yes      | Your clientId |
| exp       | No       | Expiration time (seconds since the Unix epoch) |
| personId  | No       | The CPF (Individual Taxpayer Registration Number) for which the token will be valid |